Pat wrote:

> There currently any facility to do this other than the ones
> you're aware of (Java policy file, etc.).

> I'm interested in hearing what would be useful.  But I think real
> security is only possible in conjunction with a Java security policy.
 
You might want to check out how Rhino does this:
 
http://www.mozilla.org/rhino/apidocs/org/mozilla/javascript/SecuritySupport.html
 
Here's an example class that completely restricts the Interpreter. This class is compiled and used when instantiating a context for an interpreter.  In this case, visibleToScripts(classname) always returns false, so no Java classes are available.  This is the only reason I chose Rhino over BeanShell for our current project.
 
/* Highly Restrictive Sandbox that allows no access to any Java Classes */
 
import org.mozilla.javascript.*;
 
public class PageScriptSandbox implements SecuritySupport {
 
    public PageScriptSandbox() {
    }
 
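    // Never define a class on behalf of a script.
    public Class defineClass(String name, byte[] data,
                             Object securityDomain)
    {
        return null;
    }

    // No class context is exposed.
    public Class[] getClassContext() {
        return null;
    }

    // No security domain is associated with any class.
    public Object getSecurityDomain(Class cl) {
        return null;
    }

    // Deny every class name, so scripts cannot reach any Java class.
    public boolean visibleToScripts(String fullClassName) {
        return false;
    }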
}
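
The same class-visibility check generalized from deny-all to an allowlist, as an added example that is not part of the original message. It assumes a later Rhino release, where the visibleToScripts(String) hook is exposed through the ClassShutter interface and installed with Context.setClassShutter(); the class name ShutterDemo, the run() helper and the sample scripts are constructed for illustration.

```java
import org.mozilla.javascript.Context;
import org.mozilla.javascript.RhinoException;
import org.mozilla.javascript.Scriptable;

import java.util.Set;

public class ShutterDemo {

    // Evaluate a script with only the class names in 'allowed' visible to it.
    // An empty set reproduces the deny-all behaviour of the sandbox above.
    static String run(Set<String> allowed, String script) {
        Context cx = Context.enter();
        try {
            // ClassShutter has a single method, visibleToScripts(String),
            // so a method reference on the allowlist is sufficient.
            cx.setClassShutter(allowed::contains);
            Scriptable scope = cx.initStandardObjects();
            Object result = cx.evaluateString(scope, script, "<demo>", 1, null);
            return "ok: " + Context.toString(result);
        } catch (RhinoException e) {
            // A hidden class is not resolved, so using it fails inside the script.
            return "blocked: " + e.getMessage();
        } finally {
            Context.exit();
        }
    }

    public static void main(String[] args) {
        // Constructed sample scripts.
        String pureJs = "[1, 2, 3].map(function (n) { return n * 2; }).join(',')";
        String usesJava = "java.lang.Math.max(3, 7)";

        // Plain JavaScript is unaffected by the shutter.
        System.out.println(run(Set.of(), pureJs));
        // Deny-all: the script cannot reach java.lang.Math.
        System.out.println(run(Set.of(), usesJava));
        // Allowlist: exactly one class is exposed, nothing else.
        System.out.println(run(Set.of("java.lang.Math"), usesJava));
    }
}
```

The shutter only controls which Java classes scripts can see; it does not bound CPU time or memory, so the Java security policy mentioned in the quoted text still applies to everything else.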